[arch-security] [Arch Linux Security Advisory ASA-201410-1] rsyslog: remote denial of service

Remi Gacogne rgacogne-arch at coredump.fr
Wed Oct 1 12:43:55 UTC 2014


Arch Linux Security Advisory ASA-201410-1
=========================================

Severity: Medium
Date    : 2014-10-01
CVE-ID  : CVE-2014-3634
Package : rsyslog
Type    : Denial of service
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE-2014

Summary
=======

The package rsyslog before version 8.4.1-1 is
vulnerable to a remote denial of service.

Resolution
==========

Upgrade to 8.4.1-1.

# pacman -Syu "rsyslog>=8.4.1-1"

The problem has been fixed upstream in version 8.4.1.

Workaround
==========

It is possible to prevent unauthorized remote hosts from sending syslog
messages to vulnerable hosts, for example by using a firewall.

Description
===========

Sending a syslog message containing an invalid PRI value to a
vulnerable rsyslog server accepting remote message will trigger a denial
of service by crashing the rsyslog process.

Impact
======

A remote attacker authorized to send syslog messages can cause the
syslog server to segfault, causing a denial of service.
According to the rsyslog project leader, under certain preconditions it
may possibly lead to remote code execution [1]. The default
configuration is safe from these preconditions.

References
==========

[1] http://www.rsyslog.com/remote-syslog-pri-vulnerability/
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3634
https://bugs.archlinux.org/task/42200

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20141001/25191b65/attachment.bin>


More information about the arch-security mailing list